<!DOCTYPE html>
<meta http-equiv="Content-Security-Policy" content="script-src 'nonce-abc' data:">
<script nonce="abc" src="/resources/testharness.js"></script>
<script nonce="abc" src="/resources/testharnessreport.js"></script>
<script nonce="abc">
    async_test(t => {
        var watcher = new EventWatcher(t, document, 'securitypolicyviolation');
        watcher.wait_for('securitypolicyviolation').then(t.step_func_done(e => {
            assert_equals(e.blockedURI, "eval");
            assert_equals(e.sourceFile, "data");
            assert_equals(e.lineNumber, 3);
            assert_equals(e.columnNumber, 17);
        }));

        var scriptText = `
            try {
                eval("assert_unreached('no eval')");
            } catch (e) {
                assert_equals(e.name, 'EvalError');
            }
        `;
        var s = document.createElement("script");
        s.src = "data:text/javascript," + encodeURIComponent(scriptText);
        document.head.append(s);
    }, "Violations from data:-URL scripts have a sourceFile of 'data'");
</script>
